ivizo 


Monge, Elaine (SCA) 


From: 

Sent: 

To: 

Subject: 


noreply@formstack.com 
Friday, February 24, 2017 6:10 AM 
Breaches, Data (SCA) 

Security Breach Notifications 








Formstack Submission for form Security Breach Notifications 


Submitted at 02/24/1 7 6:10 AM 

Business Name: 

Business Address: 

Company Type: 

Your Name: 


Goldberg, Miller & Rubin, PC 

121 South Broad Street, Suite 1600 
Philadelphia, PA 19107 

Other 

David Ries 


Title: 

Contact Address: 

Telephone Number: 
Extension: 

Email Address: 


Of Counsel 

One Oxford Centre 

301 Grant Street, 14th Floor 

Pittsburgh, PA 15219 

(412) 394-7787 


dries@clarkhill.com 


Relationship to Org: 


Other 


Breach Type: Electronic 

Date Breach was Discovered: 10/25/2016 


Number of Massachusetts Residents 1 
Affected: 


Person responsible for data breach.: Other 

Please give a detailed explanation of Goldberg, Miller & Rubin (GMR) was notified in late October of 2016 
how the data breach occurred.: by a security researcher that he had been able to access electronic 

files relating to some of GMR's cases. The electronic files were 
stored at a facility in Philadelphia, PA maintained by GMR’s third 
party service provider for backup and disaster recovery purposes. It 
appears that the service provider made an error in configuring the 
backup device in November 2015. 

GMR's investigation is complete, and at this time GMR is not aware 
of any unauthorized access to or acquisition of any data (except by 
the security researcher) and is not aware of any misuse of any of the 


l 










information. The security researcher has provided assurances that he 
did not misuse or further disclose any personally identifiable y 
information, and that he has securely deleted all GMR data. 

Please select the type of personal Financial Account Numbers = Selection(s) 
information that was included in the Social Security Numbers = Selection(s) 
breached data.: Driver's License = Selection(s) 

Please check ALL of the boxes that The breach occurred at the location of a third party service provider, 
apply to your breach.: y--.1 = Selections) : \y 

For breaches involving paper: A lock N/A 
or security mechanism was used to 
physically protect the data.: 

Physical access to systems Yes 

containing personal information was 
restricted to authorized personnel 
only.: 

Network configuration of breached Internet Access Available 
system: 

For breaches involving electronic Personal information stored on the breached system was password- 

systems, complete the following: protected and/or restricted by user permissions. = Selection(s) 

All Massachusetts residents affected Yes 

by the breach have been notified of 
the breach.: 

Method(s) used to notify US Mail = Selection(s) 

Massachusetts residents affected by 
the breach (check all that apply):: 

Date notices were first sent to 02/23/2017 

Massachusetts residents 

(MM/DD/YYYY): 

AH Massachusetts residents affected Yes 

by the breach have been offered 
complimentary credit monitoring 
services.: .■ • 

Law enforcement has been notified of No 
this data breach.: 

Please describe how your company Upon discovery of the misconfiguration, the backup device was shut 
responded to the breach. Include what down immediately and GMR is now using an alternate secure service 
changes were made or may be made provider. GMR is reviewing and updating its security to provide 
to prevent another similar breach additional safeguards, 

from occurring.: 

Terms | Privacy 

Copyright © 2017 Formstack, LLC. All rights reserved. 

This is a customer service email. 

Formstack, LLC 
8604 Allisonville Rd. 

Suite 300 

Indianapolis, IN 46250 
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Monge, Elaine (SCA) 


From: 

Sent: 

To: 

Subject: 

Attachments: 


Ries, David G. <dries@clarkhill.com> 
Friday, February 24, 2017 6:40 AM 
Breaches, Data (SCA) 

Data Breach Notifications Submission 
Notice Letter MA.pdf 


Attached is a sample breach notification letter for Goldberg, Miller & Rubin. The online data breach notification form has 
been submitted. 

David G. Ries 
CLARK HILL PLC 

One Oxford Centre | 301 Grant Street, 14th FI. | Pittsburgh, PA 15219 
Direct Dial: 412.394.7787 | Cell: 412.580.3664 j Fax: 412.394.2555 
DRies@ClarkHill.com | www.clarkhill.com 

LEGAL NOTICE: This e-mail, along with any attachment(s), is considered confidential and may be legally 
privileged. If you have received it in error, please notify us immediately by reply e-mail and then delete this 
message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other 
person. Thank you for your cooperation. 


l 





Goldberg, Miller & Rubin P.C. 

Processing Center • P.O. BOX 141578 • Austin, TX 78714 



AC01214 


CitiRan 

JOHN Q. SAMPLE 
1234 MAIN STREET 
ANYTOWN US 12345-6789 


MO U SE . QL B AT AB RE A CH 


February 23,2017 


Dear John Sample, 

We are writing to tell you about a situation that may have exposed some of your personal information between October 
2015 and late October 2016. We take the protection of your information very seriously and are contacting you directly to 
notify you about the Incident and resources we are making available to you. 

What Information Was Involved? 

We have the data because we represented you or another party in a claim or lawsuit. The information varies, case by 
case, and may Include information provided by you, your attorney, or an insurance company and Information collected 
during investigation and discovery In the case. 

Such Information may Include your contact information, Social Security number, medical records, employment records, 
driver’s license number, driving records, tax records, banking records, and additional information, In addition to publicly 
available Information relating to the claim or lawsuit. 

What You Can Do. 

We want to make you aware of steps you may take to guard against potential identity theft or fraud. Please review the 
enclosed Information about identity Theft Protection about what you can do. 

As an added precaution, we have arranged to have AllClear ID protect your identity for twelve months at no cost to you. 
The following identity protection services start on the date of this notice and you can use them at any time during the next 
twelve months. 

The following Identity protection services start on the date of this notice and you can use them at any time during the next 
twelve months. This credit monitoring Is being offered to comply with requirements that exist in certain states and, as a 
result, Is being extended to individuals who live in states without such requirements as a courtesy In order to treat 
individuals equally. The offer therefore is not intended and should not be taken to suggest or acknowledge that recipients 
of the offer are at any substantial risk of harm. 

AllClear Identity Repair: This service Is automatically available to you with no enrollment required. If a problem arises, 
simply call 1-855-250-7689 and a dedicated Investigator will help recover financial losses, restore your credit and make 
sure your identity Is returned to its proper condition. 



01-Q3-S40 




AllClear Credit Monitoring: This service offers additional layers of protection including credit monitoring and a $1 million 
identity theft Insurance policy. For a child under 18 years old, AllClear ID ChildScan identifies acts of credit, criminal, 
medical or employment fraud against children by searching thousands of public databases for use of your child’s 
information. To use this service, you will need to provide your personal Information to AllClear ID. You may sign up online 
at enroll.allclearid.com or by phone by calling 1-855-250-7689 using the following redemption code: Redemption Code. 

Please note: Additional steps may be required by you in order to activate your phone alerts and monitoring options. 

pgr Mora inf o r matio n. 

If you have further questions or concerns about this incident, you can obtain more information from our call center at 
1-855-250-7689, Monday through Saturday, 8 am - 8 pm CST. We sincerely regret any inconvenience or concern caused 
by this Incident. 

Sincerely, 


Jason W. Rubin, Managing Partner 
Goldberg, Miller & Rubin, P.C. 

121 South Broad Street, Suite 1600 
Philadelphia, PA 19107 



Info rmat l pp . gbout | de t itityJT h ef t i ?rQ ie c l] o ri 


We recommend that you regulariy review statements from your accounts and periodically obtain your credit report from one or 
more of the national credit reporting companies. You may obtain a free copy of your credit report online at 
www.annuatcreditreport.com, by calling toll-free 1-877-322-8228, or by mailing an Annual Credit Report Request Form 
{available at www.annualcreditreport.com) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348- 
5281. You may also purchase a copy of your credit report by contacting one or more of the three national credit reporting 
agendas listed below. 

Equifax: P.O. Box 740241, Atlanta, Georgia 30374-0241, 1-800-685-1111, www.equifax.com 

Experian: P.O. Box 9532, Allen, TX 75013,1-888-397-3742, www.experian.com 

TransUnlon: P.O. Box 1000, Chester, PA 19022,1-800-888-4213, www.transunton.com 

When you receive your credit reports, review them carefully. Look for accounts or creditor inquiries that you did not initiate or do 
not recognize. Look for information, such as home address and Social Security number, that is not accurate. If you see 
anything you do not understand, call the credit reporting agency at the telephone number on the report. 

We recommend you remain vigilant with respect to reviewing your account statements and credit reports, and promptly report 
any suspicious activity or suspected identity theft to us and to the proper law enforcement authorities, including local 
law enforcement, your state’s attorney general and/or the Federal Trade Commission (“FTC”). You may contact the FTC or 
your state's regulatory authority to obtain additional information about avoiding identity theft. 

Federal Trade Commission, Identity Theft Clearinghouse 

600 Pennsylvania Avenue, NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.identitytheft.gov and 
www.ftc.gov/idtheft. You can also request a copy of the publication, “Take Charge: Fighting Back Against Identity 
Theft” from http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.pdf. 

For residents of Massachusetts: You also have the right to obtain a police report. 

Information about personal health Information and medical records 

We recommend that you regulariy review the explanation of benefits statement that you receive from your insurer. If you see 
any service that you believe you did not receive, please contact your insurer at the number on the statement. If you do not 
receive regular explanation of benefits statements, contact your provider and request them to send such statements following 
the provision of services in your name or number. 

You may want to order copies of your credit reports and check for any medical bills that you do not recognize, if you find 
anything suspicious, call the credit reporting agency at the phone number on the report. Keep a copy of this notice for your 
records In case of future problems with your medical records. You may also want to request a copy of your medical records 
from your provider, to sen/e as a baseline. If you are a California resident, we suggest that you visit the web site of the 
California Office of Privacy Protection atwww.privacy.ca.gov to find more information about your medical privacy. 

Suggestions If You Are a Victim of Identity Theft: 

• File a police report. Get a copy of the report to submit to your creditors and others that may require proof of a 
crime. 

• Contact the U.S. Federal Trade Commission (FTC). The FTC provides useful information to identity theft victims 
and maintains a database of identity theft cases for use by law enforcement agencies. File a report with the FTC 
by calling the FTC's Identity Theft Hotline: 1- 877-IDTHEFT (438-4338); online at http://www.identitytheft.gov; or 
by mall at Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Ave., N.W., Washington, 
D.C. 20580. 

• Keep a record of your contacts. Start a file with copies of your credit reports, the police reports, any 
correspondence, and copies of disputed bills. It is also helpful to keep a log of your conversations with creditors, 
law enforcement officials, and other relevant parties. 

Fraud Alerts: There are also two types of fraud alerts that you can place on your credit report to put your creditors on notice 
that you may be a victim of fraud: an initial alert and an extended alert. You may ask that an initial fraud alert be placed on your 
credit report if you suspect you have been, or are about to be, a victim of identity theft. An Initial fraud alert stays on your credit 
report for at least 90 days. You may have an extended alert placed on your credit report if you have already been a victim of 
identity theft with the appropriate documentary proof. An extended fraud alert stays on your credit report for seven years. You 
can place a fraud alert on your credit report by calling the toll-free fraud number of any of the three national credit reporting 
agencies listed below. 





Equifax: 1-888-766-0008, www.equifax.com 

Experian: 1-888-397-3742, www.experian.com 

TransUnion: 1-800-680-7289, fraud.iransunion.com 

Credit Freezes (for Massachusetts Residents): Massachusetts law gives you the right to place a security freeze on your 
consumer reports. A security freeze is designed to prevent credit, loans and services from being approved In your name without 
your consent. Using a security freeze, however, may delay your ability to obtain credit. You may request that a freeze be 
placed on your credit report by sending a request to a credit reporting agency by certified mail, overnight mail or regular 
stamped mall to the address below: 

Equifax: P.O. Box 105788, Atlanta, GA 30348, www.equifax.com 

Experian: P.O. Box 9554, Allen, TX 75013, www.experian.com 

TransUnion LLC: P.O. Box 2000, Chester, PA, 19022-2000, freeze.transunion.com 

Unlike a fraud alert, you must separately place a credit freeze on your credit We at each credit reporting company. The following 
information should be included when requesting a security freeze (documentation for you and your spouse must be submitted 
when freezing a spouse’s credit report): full name, with middle Initial and any suffixes; Social Security number; date of birth 
(month, day and year); current address and previous addresses for the past five (5) years; and applicable fee (if any) or incident 
report or complaint with a law enforcement agency or the Department of Motor Vehicles. The request should also include a 
copy of a government-issued identification card, such as a driver’s license, state or military ID card, and a copy of a utility bill, 
bank or insurance statement. Each copy should be legible, display your name and current mailing address, and the date of 
issue (statement dates must be recent). The credit reporting company may charge a reasonable fee of up to $5 to place a 
freeze or lift or remove a freeze, unless you are a victim of identity theft or the spouse of a victim of Identity theft, and have 
submitted a valid police report relating to the identity theft to the credit reporting company. 



AllClear Identity Repair Terms of Use 

If you become a victim of fraud using your personal information without authorization, AllClear ID will help recover your financial losses and 
restore your Identity. Benefits include: 

• 12 months of coverage with no enrollment required. 

• No cost to you — ever. AllClear Identity Repair is paid for by the participating Company. 

Services Provided 

If you suspect identity theft, simply call AllClear ID to file a claim. AllClear ID will provide appropriate and necessary remediation services 
(“Services’) to help restore the compromised accounts and your Identity to the state prior to the incident of fraud. Services are determined at the 
sole discretion of AllClear ID and are subject to the terms and conditions found on the AllClear ID website. AllClear Identity Repair is not an 
insurance policy, and AllClear ID will not make payments or reimbursements to you for any financial loss, liabilities or expenses you incur. 

Coverage Period 

Service is automatically available to you with no enrollment required for 12 months from the date of the breach incident notification you 
received from Company (the “Coverage Periocf). Fraud Events (each, an “Event') that were discovered prior to your Coverage Period are not 
covered by AllClear Identity Repair services. 

Eligibility Requirements 

To be eligible for Services under AllClear Identity Repair coverage, you must fully comply, without limitations, with your obligations under the 
terms herein, you must be a citizen or legal resident eighteen (18) years of age or older, and have a valid U.S. Soda! Security number. Minors 
under eighteen (18) years of age may be eligible, but must be sponsored by a parent or guardian. The Services cover only you and your personal 
financial and medical accounts that are directly assodated with your valid U.S. Social Security number, including but not limited to credit card, 
bank, or other financial accounts and/or medical accounts. 

How to File a Claim 

If you become a victim of fraud covered by the AllClear Identity Repair services, you must: 

• Notify AllClear ID by calling 1.855.434.8077 to report the fraud prior to expiration of your Coverage Period; 

• Provide proof of eligibility for AllClear Identity Repair by providing the redemption code on the notification letter you received from the 
sponsor Company; 

• Fully cooperate and be truthful with AllClear ID about the Event and agree to execute any documents AllClear ID may reasonably 
require; and 

• Fully cooperate with AllClear ID in any remediation process, Induding, but not limited to, providing AllClear ID with copies of all available 
investigation files or reports from any institution, Including, but not limited to, credit institutions or law enforcement agendes, relating to 
the alleged theft. 

Coverage under AllClear Identity Repair Does Not Apply to the Following: 

Any expense, damage or loss: 

• Due to 

o Any transactions on your financial accounts made by authorized users, even if acting without your knowledge, or 

o Any act of theft, deceit, collusion, dishonesty or criminal act by you or any person acting In concert with you, or by any of your 

authorized representatives, whether acting alone or in collusion with you or others (collectively, your “Misrepresentation"); 

• Incurred by you from an Event that did not occur during your coverage period; or 

• In connection with an Event that you fail to report to AllClear ID prior to the expiration of your AllClear Identity Repair coverage period. 
Other Exclusions: 

• AllClear ID will not pay or be obligated for any costs or expenses other than as described herein, induding without limitation fees of any 
service providers not retained by AllClear ID; AllClear ID reserves the right to investigate any asserted claim to determine its validity. 

• AllClear ID is not an Insurance company, and AllClear Identity Repair is not an insurance policy; AllClear ID will not make payments or 
reimbursements to you for any loss or liability you may Incur. 

• AllClear ID is not a credit repair organization, is not a credit counseling service, and does not promise to help you improve your credit 
history or rating beyond resolving incidents of fraud. 

• AllClear ID reserves the right to reasonably investigate any asserted claim to determine its validity. All recipients of AllClear Identity 
Repair coverage are expected to protect their persona! Information In a reasonable way at all times. Accordingly, redpients will not 
deliberately or recklessly disclose or publish their Sodal Security number or any other personal information to those who would 
reasonably be expected to Improperly use or disclose that Personal Information. 

Opt-out Policy 

If for any reason you wish to have your information removed from the eligibility database for AllClear Identity Repair, please contact AllClear ID: 


E-mail 

Mall 

Phone 

support@allclearid.com 

AllClear ID, Inc. 

1.855.434.8077 


823 Congress Avenue Suite 300 



Austin, Texas 78701 
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